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Information technology governance (ITG) in local government is aimed at a 
good governance service framework. Reports produced as a result of the 
framework’s implementation help to improve governance’s openness, 
potency, and efficiency. A strong governance structure for adopting 
information technology (IT) is essential to ensuring its best utilization. 
The governance system should be properly managed to support the 
organization’s business. Therefore, this research aims to design an ITG 
system suitable for best practices using the control objectives for information 
technologies (COBIT) 2019 framework. The recommendations from the 
core model were processed based on the priority or competence level that 
local government entities use. It also produced a core model with capability 
levels of 1 and 2 that do not exist. The recommendation designated for the 
priority level of 3 was 17. The core model to be assigned a capability level 
of 4 urgently needed to be implemented was 23 core models. 
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1. INTRODUCTION 

Advances in information technology (IT) platforms have introduced an increasingly complex layer 
in the planning and decision-making processes [1]-[3], as well as support organizations in the delivery of 
goods and services to customers. Nearly all company activities involve IT, which is seen as a strategic 
opportunity to gain an advantage over competitors [4]. Its use in many organizations has made information 
technology governance (ITG) highly regarded since its inception in the early 1990s [5]-[7]. Interest in the role 
and relevance of IT has increased. Therefore, the proper management of these conditions is necessary. Applying 
the Indonesian Government System regulated by Presidential Instruction No. 3 of 2003 highlights the need to 
use information and communications technology (ICT) for government purposes. The application, both at the 
central and regional levels, requires professional management, human resources, high costs, and risk of failure. 
Therefore, an understanding of the use, development, and guidelines governing the utilization of organizational 
IT and the practice of an effective decision-making model is required [8]. 

IT is an integral part of most establishments and promises to become more integrated into the 
organization [9]-[11]. Considering the implementation of the ITG in Indonesia, this program has faced many 
challenges, both from the Council of Authorities and other bureaucratic institutions. The cause of these 
problems was 80% due to non-ICT elements (bureaucracy, politics, human resources, and power) and 20% 
related to ICT factors (system quality and reliability) [12]. The need for organized ITG is driven by the demand 
for clean, transparent administration, risk protection, costs, and opportunities related to implementation. 
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The public sector demands the ITG achieve its vision, mission, and goal. This is not always feasible 
because it causes problems that hinder public service performance [13]. As an organizational capability, ITG 
is critical for strategic alignment and business delivery. Unfortunately, the outcomes and contributions of 
ITG are poorly understood [14], [15]. This is because executive or organizational leadership has not yet 
acquired the knowledge to develop their business through technology. Although it is supported by 
sophisticated software running on reliable hardware, optimal implementation is impossible without 
appropriate management. Designing and understanding good governance should avoid implementation 
failures, adopt IT recovery during disasters, and sustain operations under every condition. This aligns with 
research that states that understanding the concept of governance is important because it sets the boundaries 
and scope of function and government purpose [16]. 

The directors’ board and executive management are in charge of ITG. Thus, it should be a crucial 
component of the overall administration, which consists of the organizational structure and leadership of current 
processes, to maintain the continuity of the established IT and create strategies and objectives [17]. Another 
concept states that the government applies ideas borrowed from organizational administration to strategically 
direct and control IT, specifically related to two main issues: the value technology provides to establishments 
and the control and mitigation of the related risks [18], [19]. This shows that IT has shifted from technology to 
management. Hence, they should be managed as other organizational assets. The implementation should be 
carried out correctly and supported by good governance from the planning to the application stage. 

Effective ITG is built on several essential pillars: leadership, organization, proper decisions, 
flexibility, scalable processes, and available technology [20], [21]. Organizations must use well-designed, 
understood, transparent mechanisms [21], [22]. However, good governance arrangements are expected to fail 
when the supporting tools are not implemented adequately. To facilitate its implementation, a study was 
conducted on the mechanisms, procedures, and structures of the ITG. Implementing this governance is very 
important for organizations to generate tangible business benefits such as good reputation, trustworthiness, 
and reduced costs [23]. Moreover, it aims to enhance and ensure the effective use of resources as an essential 
factor for organizational success [24]. According to some studies, the aim is to ensure value creation from 
investments and reduce IT-related risks [25], [26]. Therefore, effective governance is necessary and not an 
option [27], [28]. 

ITG is one of the crucial instruments used by managers presently, as it is no longer only a support 
but also a strategic tool that drives the business. Organizations need to understand the process of managing IT 
in a dynamic and competitive world rather than only using it. Additionally, governance is concerned with 
assigning responsibilities and making the right decisions to drive desired behavior, generate value from IT 
investments, and fully align with the organization’s business strategy and direction [29]. This impacts the 
organization’s overall performance, but there are still difficulties in understanding the influencing factors [30]. 
Design factors influence organizational systems and position them for successful use [31]. It is essential to 
consider several governance and management goals if IT is to help accomplish organizational goals 
significantly. As a reference tool, control objectives for information technologies (COBIT) 2019 has established 
a core model with governance and management goals. This is important for understanding the problems and 
strategic benefits of IT, ensuring the effectiveness of governance, and facilitating implementation adapted to 
business conditions. 


2. METHOD 

The method aimed to clarify what to achieve in research, and problem-solving can run following 
attaining the objectives. Therefore, a quantitative technique was used to collect data from the 15 respondents 
through questionnaires. Observations, documentation, and interviews with several stakeholders were conducted 
to strengthen the questionnaires. This research was conducted at the Information and Statistics Communications 
and Statistics Office of Gorontalo Province, which has developed e-government and IT activities. Interviews 
were held with the directors of infrastructure, application development, and e-government. The data analyses 
used the input values for the 11 design factors in the COBIT 2019 design tool kit. 

Design factors can affect an organization’s governance structure, placing it in a successful I&T 
position. The goal cascade of an organization is one of the stages of the design factors, as depicted in Figure 1. 
From the figure, the core model of the governance system is limited to variant components, including the 
threat landscape, compliance requirements, IT role, and enterprise size. This approach will result in 
suggestions for management objectives and ranking governance or related governance system components, 
establishing target capacity levels, or implementing certain governance system component modifications. 

There are two types of components of the 2019 COBIT governance system consist of 2 types: generic 
and variant in the core model and the application of its principles. Although it is based on a generic component, 
this variant has been altered for a particular purpose or set in a specific area of emphasis. This research focused 
on information security, DevOps, and the fulfilment of specific regulations as the strategic alignment of IT and 
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the delivery of the organization’s business in line with the limited core model components. Furthermore, the 
assessment of design factors includes four stages, as shown in Figure 2 with the explanation. The various 
steps and processes in the design process, as depicted in Figure 2, will result in recommendations for ranking 
governance and management goals or related setting target capability levels, governance system components, 
or implementing particular variations of a governance system component. 


Enterprise Enterprise i : I&T-Related Threat 
Strategy Goals Risk Profile 


Issues Landscape 


Sourcing IT Technology i 
Pict cease Role of IT Model Implementation Adoption Enterprise 
q for IT Methods Strategy Size 


Future Factors 


Figure 1. COBIT design factors 


2. Determine : 
paiaka the initial 3, Patins me 4. Conclude the 
s se richer scope of the scope on ine governance 
ome an governance R system design. 
egy. system. sysiom. 

* 1.1 Understand enterprise + 2.1 Consider enterprise + 3.1 Consider the threat + 4.1 Resolve inherent priority 

Strategy. strategy. landscape. conflicts. 
+ 1.2 Understand enterprise + 2.2 Consider enterprise + 3.2 Consider compliance + 4.2 Conclude the 

goals. goals and apply the requirements. governance system 
* 1.3 Understand the risk COBIT goals cascade. + 3.3 Consider the role of IT. design. 

profile. + 2.3 Consider the risk profile + 3.4 Consider the sourcing 
* 1.4 Understand current of the enterprise. model. 

|&T-related issues. + 2.4 Consider current + 3.5 Consider IT 

1&T-related issues. implementation methods. 
+ 3.6 Consider the IT adoption 
strategy. 
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Figure 2. Governance system design workflow 


3. RESULTS AND DISCUSSION 

The workflow of the four governance systems is explained in terms of the design stages depicted in 
Figure 2. Firms should customize their governance systems by considering design factors to maximize the 
benefits of using technology. A set of design elements must be used as guidelines for changing and prioritizing 
the constituent parts of the governance system to create an effective governance system for the company. 


3.1. Understanding the organizational context and strategy 

Understanding organizational strategy helps to identify the most appropriate method based on 
archetypes. Organizations usually have one primary or secondary archetype or pattern. For example, other 
value design factors become secondary archetypes when the primary system is innovative/differentiated. 
There are four archetypes: growth/acquisition, which focuses on development and profit; 
innovation/differentiation; providing innovative services or products; cost leadership; minimizing short-term 
costs; client service/stability-enhancing stability; and user-oriented services [31]. 

Understanding organizational aims as a strategy can be realized by achieving these goals. There are 
13 goals with the organization’s ability to distinguish between primary and secondary types, broken down 
into four perspectives: customer, financial, growth, and internal. Analyzing IT-related risks is necessary at 
the stage of understanding the profile. Nineteen risk profiles were identified, and the findings of previous 
studies turned into goals for governance and management. The next step involved understanding IT concerns, 
where 20 currently connected risks or difficulties were discovered by examining the organization’s audit 
records, management reports, or interviews [31]. 
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3.2. Determining the governance system’s initial scope 

The stage establishes the governance system’s initial scope by leveraging information from earlier 
studies. Figure 3 shows the organizational strategy. The value of client service/stability is five in the primary 
process. The organization focuses on providing services to the community, and the overall implementation of 
the ITG is fulfilled. 

Figure 4 illustrates the financial worth of organizational goals. The main goal, EG03-compliance 
with external rules and regulations, has a value of 5. This is because the organization always complies with 
existing rules and regulations. Besides, the establishment is in a heavily regulated field with a significant risk 
when they do not abide by the rules and regulations of the government. From the viewpoint of the customer, 
EG05-customer-oriented service culture-and EG06-business-service continuity and availability-are important 
objectives worth 5 points each. This is because organizations provide maximum service quality to the 
community, support public activities, and implement government proceedings. 

The value of organizational goals in the perspective of internal EG09-optimization of business 
process costs, including EG10-staff skills, motivation, and productivity, as well as the EG11-compliance with 
internal policies are assigned primary goals with a value of 5. The organization remains focused on 
optimization and cost efficiency without reducing the quality of public services. Therefore, to provide good 
public services, the organization focuses on human resources with the ability, skills, and work motivation and 
all organizational policies with the government. 

The value for organizational goals from a growth perspective EG12-managed digital transformation 
programs and EG13 product and business innovation is 5. Organizations attempt to be more responsive to 
changes and environmental demands. To improve benefits, such as cost savings, efficiency gains, and service 
effectiveness, innovation must be continued through the development, design, and use of digital technology 
for company activities and processes. Thus, regardless of size, all organizations and industries may run more 
effectively and provide value to their customers. 

In Table 1, the main priority in this risk profile, with an impact value of 5, is IT operational 
infrastructure incidents, with a rating of 10. This is because errors/damages sometimes occur but should be 
repaired quickly to provide good service to the community, this rarely occurs. Therefore, the likelihood was 2. 
Hardware incidents have a risk rating of 10 because their impact on business processes in the form of public 
services is enormous, such as servers experiencing interference. 

Meanwhile, logical attacks (hacking and malware) have a risk rating of 25 because they significantly 
impact the organization’s information assets and data security. Third-party/supplier incidents have a risk rating 
of 10 because the organization uses IT services from Internet providers. When damage or disruption occurs to 
the provider, it affects public services; that is, the impact of this risk scenario is five, and the likelihood is two. 


0 


cowth/acqistion i i as 


Cost Leadership E 4 


Figure 3. Design factors enterprise strategy 
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EG12—Managed digital transformation programs 
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Figure 4. Design factors enterprise goals 
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Risk scenario category Impact (1-5) Likelihood (1-5) Risk rating Baseline 


IT investment decision-making, portfolio definition and maintenance 
Program and projects life cycle management 
IT costs and oversight 

IT expertise, skills and behavior 
Enterprise/IT architecture 

IT operational infrastructure incidents 
Unauthorized actions 

Software adoption/usage problems 
Hardware incidents 

Software failures 

Logical attacks (hacking and malware) 
Third-party/supplier incidents 
Noncompliance 

Geopolitical issues 

Industrial action 

Acts of nature 

Technology-based innovation 
Environmental 

Data and information management 
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For the challenges of information technology, the results of the previous understanding were translated 
into priorities for governance and management purposes. This shows that among the 20 IT-related issues, 
as shown in Figure 5, some have an interest of 1, indicating no problem. Moreover, some have an interest of 2, 
which is problematic, and an interest of 3, which is a serious issue. Considering the organization’s risk profile 
and the present [&T-related challenges, the company must know these results. If these technical issues are not 
addressed, they can hinder worker productivity, jeopardize the security of sensitive data, and compromise 
company processes. 


3.3. Determining the governance system’s initial scope 


a) 


b) 


a) 


b) 


c) 


The threat environment in which the organization operates (Table 2) is: 


Organizations have an IT threat landscape of 10% high because comprehensive data protection and 
information security in digitalization are overcome by issuing regulations related to implementing 
information security within government agencies. The regulations issued were in the form of laws and 


decrees by the Minister of Communication and Information Technology. 


Organizations have an IT threat landscape of 10% normal because of the use of increasingly complex. 


IT causes vulnerabilities and menaces, including confidentiality, integrity, 
which can disrupt the performance of public service providers. 


Table 2. Design factor threat landscape 
Value _ Importance (100%) _ Baseline 
High 10% 33% 
Normal 10% 67% 


and service availability, 


The compliance requirements that are the targets of the organization (Table 3) are: 
The organization has 100% high compliance requirements because it should obey and comply with 
regulations where all activities are appropriate with applicable policies, rules, regulations, and laws. 
The organization has 100% normal compliance requirements because the wheels of the establishment 
run appropriately with the vision and mission that has been declared. It is subjected to a series of 


standard compliance requirements for local government establishments. 


The organization has 40% low compliance requirements because they do not need many prerequisites. 


Therefore, compliance needs were very high. 


Table 3. Requirements for design factor compliance 
Value __Importance (100%) __ Baseline 


High 100% 0% 
Normal 100% 100% 
Low 40% 0% 
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According to Table 4, an organization’s use of IT includes: 
IT plays a significant role in the Gorontalo provincial government. Therefore, the support value was 5. 
Some information system/information technology (IS/IT) also supports organizations’ business processes. 
The factory is worth one because the organization’s business processes and services still run despite IT 
failures. 
The turnaround is worth five because IS/IT is very supportive of the automation of business processes 
and organizational services needed by the community. 
Strategic value is 5. Providing excellent public services is the goal of all local governments. Therefore, 
IS/IT is critical for business processes and services. IS/IT simplifies the service process, introduces 
regional potential, and increases interactions between the community and business. 


Frustration between different IT entities across the organization because ofa 
perception of low contribution to business value 


Frustration between business departments (i.e., the IT customer) and the IT 
department because of failed initiatives or a perception of low contribution to 
business value 


Significant I&T-related incidents, such as data loss, security breaches, project 
failure and application errors, linked to IT 
Service delivery problems by the IT outsourcer(s) 


Failures to meet IT-related regulatory or contractual requirements 


Regular audit findings or other assessment reports about poor IT performance or 
reported IT quality or service problems 
Substantial hidden and rogue IT spending, that is, I&T spending by user 
departments outside the control of the normal I&T investment decision 
mechanisms and approved budgets 
Duplications or overlaps between various initiatives, or other forms of wasted 
resources 


Insufficient IT resources, staff with inadequate skills or staff 
bumout/dissatisfaction 


IT-enabled changes or projects frequently failing to meet business needs and 
delivered late or over budget 


Reluctance by board members, executives or senior management to engage with 
IT, or a lack of committed business sponsorship for IT 


Complex IT operating model and/or unclear decision mechanisms for IT-related 
decisions 


Excessively high cost of IT 


Obstructed or failed implementation of new initiatives or innovations caused by 
the current IT architecture and systems 


Gap between business and technical knowledge, which leads to business users and 
information and/or technology specialists speaking different languages 


Regular issues with data quality and integration of data across various sources 


High level of end-user computing, creating (among other problems) a lack of 
oversight and quality control over the applications that are being developed and 
put in operation 
Business departments implementing their own information solutions with little or 
no involvement of the enterprise IT department (related to end-user computing, 
which often stems from dissatisfaction with IT solutions and services) 


Ignorance of and/or noncompliance with privacy regulations 


Inability to exploit new technologies or innovate using I&T 


Figure 5. Design factors IT-related issues 
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Table 4. IT’s role as a design factor 


Value Importance (1-5) _ Baseline 
Support 5 3 
Factory 1 3 

Turnaround 5 3 
Strategic 5 3 


The adopted organizational resource model for IT (Table 5) is described: 

a) The value of the outsourcing model is 20% because organizations still need resources to develop or 
produce service products that tend to be complicated. Some services are standardized using products 
provided by the government. 

b) The cloud model is worth 30% because several IS/IT services use cloud systems in business processes 
and services. 

c) Using 100% in-source or existing resources with a workforce in IS/IT aligns with the organization’s 
needs to create their IS/IT by utilizing open-source system development. 


Table 5. Model for IT design factor sourcing 


Value Importance (100%) _ Baseline 
Outsourcing 20% 33% 
Cloud 30% 33% 
Insourced 100% 34% 


Organizations adopt IT implementation methods (Table 6) described: 

a) The value of agile methods is 100% because IS/IT in an organization is crucial for supporting business 
processes and public services, indicating that its development is implemented before the service is 
released. 

b) DevOps implementation is worth 80% because experts support human resources in IS/IT. Hence, the 
service quality is maintained. 

c) Implementing the traditional method is worth 80% because some services have a high level of 
complexity. Hence, this method is suitable for simplifying the design and management of requirements. 


Table 6. Design factor IT implementation method 


Value Importance (100%) Baseline 
Agile 100% 15% 
DevOps 80% 10% 
Traditional 80% 715% 


Table 7 presents the technology adoption strategy with the description. 

a) Organizations have a first-mover value of 100%, where they should be able to adapt to IS/IT 
developments better in providing good services to the public; hence, organizations generally adopt new 
technologies. 

b) Followers are worth 80% because the organization has resources capable of implementing IS/IT 
development. 

c) The slow adopter value is 60% because not all existing human resources adapt directly to IS/IT changes. 
Therefore, training is required for most human resources. 


Table 7. Design factor technology adoption strategy 


Value Importance (100%) Baseline 
First mover 100% 15% 
Follower 80% 70% 
Slow adopter 60% 15% 


The size of the enterprise related to the design of the organizational governance system is described 
as: the organization has more than 250 full-time employees and is a large organization. Because of their 
enormous budgets, these organizations can afford to be more nimble when spending on technology. 
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Therefore, IS/IT is designed to address all potential organizational problems related to public services. These 
types of solutions require considerable expertise for implementation. The IT Infrastructure of this 
organization is partly built using ready-to-use consumer technology. Organizations also need a centrally 
managed and monitored IT solution for all user security and bandwidth requirements. 


3.3.1. Conclude the governance system 

Based on the design factor mapping, the results of the ITG system are obtained, as shown in 
Figure 6 and explained in Table 8. This indicates that organizations should consider design governance and 
management objectives to build the most suitable and adaptable governance system. Besides that, it helps 
management understand the IT governance system, as well as helps management decide on the necessary 
controls. 

The technology management system is a core process model with recommended priority and 
capability levels. Governance/management goals that score or have a priority of 75 or higher require an 
ability level of four. Those prioritizing 50 or more required a capability level of 3. A score of 25 or higher 
indicates an ability level of 2. Meanwhile, for governance/management objectives with a score of less than 
25, the process should reach a capability level of 1. 

Table 8 shows that the no-core model has capability levels 1 and 2. Therefore, 17 and 23 core 
models are recommended to have a priority of 3 and 4, respectively. Considering these results, organizations 
must consider a core model with Level 4 capabilities, as shown in Table 9. 


Table 8. ITG and management design summary 


Core model Priority Capability level suggestion 
EDM01 - ensured governance framework setting and maintenance 65 3 
EDM02? - ensured benefits delivery 65 3 
EDM03 - ensured risk optimization 75 4 
EDM04 - ensured resource optimization 60 3 
EDM60S - ensured stakeholder engagement 75 4 
APOO! - managed IT management framework 75 4 
APO02 - managed strategy 65 3 
APOO3 - managed enterprise architecture 80 4 
APO04 - managed innovation 60 3 
APO0S - managed portfolio 65 3 
APO06 - managed budget and costs 50 3 
APOO7 - managed human resources 80 4 
APOO8 - managed relationships 75 4 
APOO9 - managed service agreements 60 3 
APO1O - managed vendors 70 3 
APO11 - managed quality 65 3 
APO12 - managed risk 85 4 
APO13 - managed security 85 4 
APO14 - managed data 70 3 
BAIO1 - managed programs 75 4 
BAIO2 - managed requirements definition 90 4 
BAIO3 - managed solutions identification and build 100 4 
BAI04 - managed availability and capacity 65 3 
BAIOS5 - managed organizational change 80 4 
BAI06 - managed IT changes 90 4 
BAIO7 - managed IT change acceptance and transitioning 90 4 
BAIO08 - managed knowledge 70 3 
BAIO9 - managed assets 65 3 
BAILO - managed configuration 90 4 
BAIL! - managed projects 80 4 
DSSO1 - managed operations 75 4 
DSS02 - managed service requests and incidents 75 4 
DSS03 - managed problems 75 4 
DSS04 - managed continuity 80 4 
DSS05 - managed security services 90 4 
DSS06 - managed business process controls 70 3 
MEAO1 - managed performance and conformance monitoring 70 3 
MEAO2 - managed system of internal control 65 3 
MEAO3 - managed compliance with external requirements 80 4 
MEA04 - managed assurance 75 4 


Core model of information technology governance system design in ... (Lanto Ningrayati Amali) 


758 o 


ISSN: 1693-6930 


Table 9. Core models recommendation 


Reference 


Recommended 


EDMO3 - ensured risk optimization 


EDM605 - ensured stakeholder engagement 


APOO1 - managed IT management framework 


APOO3 - managed enterprise architecture 


APO07 - managed human resources 
APO08 - managed relationships 
APO12 - managed risk 

APO13 - managed security 


BAIO1 - managed programs 


BAIO02 - managed requirements definition 


BAI03 - managed solutions identification and build 


BAIOS - managed organizational change 

BAI06 - managed IT changes 

BAIO7 - managed IT change acceptance and transitioning 
BAILO - managed configuration 


BAI11 - managed projects 


DSSO1 - managed operations 
DSS02 - managed service requests and incidents 


DSS03 - managed problems 


DSS04 - managed continuity 


DSSO5 - managed security services 


MEAO3 - managed compliance with external requirements 
MEAO04 - managed assurance 


Ensure that IT-related risks do not exceed the tolerance. The possibility for 
compliance failures must be reduced, and the risk impact on corporate value 
must be evaluated and controlled. 

a) To increase performance, ensure stakeholders support the IT strategy 
and roadmap, establish reporting bases, and promote effective and timely 
communication. 

b) Identify areas for development and ensure that organizational strategy 
and IT-related goals are compatible. 

To address the organization’s governance needs, adopt a consistent 

management strategy. This encompasses organizational structure, roles and 

duties, consistent and repeatable operations, information items, rules and 
procedures, competencies and skills, infrastructure, services, culture and 
behavior, and applications. 

It is essential to balance the various IT architectures used throughout the 

organization, their relationships, and the guiding principles that have shaped 

them over time. This will make it possible to achieve operational and strategic 
goals in a way that is consistent, quick, and cost-effective. 

Optimize the ability of human resources to meet organizational goals. 

Manage the appropriate knowledge, abilities, and attitudes to produce better 

results, boost mutual trust and self-confidence, and efficiently use resources 

that foster fruitful corporate stakeholder relationships. 

The need to integrate the overall and IT-related organizational risk 

management and balance the associated costs and benefits. 

Maintain information security incidents’ effects and frequency within the 

organization’s acceptable level of risk. 

a) Provide the necessary business value while minimizing the risk of 
unanticipated delays, expenses, and value degradation. The level of 
involvement and communication between businesses and consumers 
impacts this. 

b) Assure the worth and caliber of project and program outcomes. 
Maximize the program’s investment portfolio contribution. 

Developing ideal solutions that satisfy the organization’s requirements while 

reducing risk is essential. 

a) Ensure agile and scalable delivery of digital products and services. 

b) Identify the business procedures, technological advancements, and 
workflows supporting the organization’s operational and strategic 
objectives. 

Prepare for business transformation with stakeholders, make commitments, 

and lower the risk of failure. 

Provide for the quick and trustworthy distribution of modifications to 

businesses. 

Lessen the likelihood that a changing environment would suffer harm, 

compromising its stability or integrity. 

a) Give adequate asset information to enable efficient service management. 

b) Evaluate how changes will affect things and handle service incidents. 

a) Provide the intended project results while lowering the likelihood of 
unanticipated delays, expenses, and value erosion through enhancing 
business and end-user communication and participation. 

b) Assure that project results are valuable and high-quality and optimize 
their contribution to the specified program and investment portfolio. 

Delivering planned IT operational goods and services. 

a) Rapidly answering user questions and incidents will help you track 
enhanced productivity and reduce disruption. 

b) Investigate changes’ effects and handle service occurrences. 

c) In the event of an incident, respond by resolving user requests and 
restoring services. 

Increasing availability and service levels, lowering costs, improving customer 

convenience and happiness by reducing the frequency of operational issues, 

and identifying root causes as a problem-solving component are all desirable 
outcomes. 

In a substantial disruption, immediately adjust, resume business operations, 

and keep resources and information accessible at levels the organization can 

tolerate (e.g., opportunities, threats, requests). 

Reducing the impact of operational information security incidents and 

vulnerabilities on the business. 

It ensures that the company complies with all relevant outside standards. 

Provide companies with the tools they need to create and implement 

successful assurance projects and to use a road map based on a tried-and-true 

methodology to plan, scope, implement, and monitor assurance reviews. 
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Figure 6. Design governance and management objectives importance 


4. CONCLUSION 

A good ITG system is needed to carry out the functions and duties of a business organization. 
Therefore, achievements in the technology sector are due to established strategies and business contexts. 
The ITG system should be properly managed and implemented to support the organization’s business activities 
by focusing on the core model with a capability level of 4. This research showed that there are 23 core models, 
including EDM03, EDM05, APOO1, APOO03, APOO7, APOO8, APO12, APO13, BAIO1, BAI02, BAIO3, 
BAI05, BAI06, BAIO7, BAI10, BAI11, DSS01, DSS02, DSS03, DSS04, DSS05, MEAO3, and MEA04, which 
are recommended to be implemented by local government organizations. These models need to be considered as 
components modified for specific purposes in the focused area of an organization, such as information security, 
service models, IT roles, DevOps, or specific regulatory compliance. 
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